mirror of
https://github.com/nicotsx/zerobyte.git
synced 2026-04-18 13:57:52 -04:00
2ff6451f37
test: use better-auth built-in test plugin refactor: map auth errors server side refactor: native trusted providers callback usage <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **New Features** * Enhanced SSO authentication error messaging with specific guidance for different failure scenarios (account linking required, email verification needed, banned accounts, invite-only access). * **Chores** * Updated authentication dependencies to version 1.5.0. * **Tests** * Extended test coverage for SSO error code handling and authentication scenarios. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
75 lines
2.4 KiB
TypeScript
75 lines
2.4 KiB
TypeScript
import { test, describe, expect } from "bun:test";
|
|
import { createApp } from "~/server/app";
|
|
import { serverEvents } from "~/server/core/events";
|
|
import { createTestSession, getAuthHeaders } from "~/test/helpers/auth";
|
|
|
|
const app = createApp();
|
|
|
|
describe("events security", () => {
|
|
test("should return 401 if no session cookie is provided", async () => {
|
|
const res = await app.request("/api/v1/events");
|
|
expect(res.status).toBe(401);
|
|
const body = await res.json();
|
|
expect(body.message).toBe("Invalid or expired session");
|
|
});
|
|
|
|
test("should return 401 if session is invalid", async () => {
|
|
const res = await app.request("/api/v1/events", {
|
|
headers: getAuthHeaders("invalid-session"),
|
|
});
|
|
expect(res.status).toBe(401);
|
|
const body = await res.json();
|
|
expect(body.message).toBe("Invalid or expired session");
|
|
});
|
|
|
|
test("should return 200 if session is valid", async () => {
|
|
const { headers } = await createTestSession();
|
|
|
|
const res = await app.request("/api/v1/events", {
|
|
headers,
|
|
});
|
|
|
|
expect(res.status).toBe(200);
|
|
expect(res.headers.get("Content-Type")).toBe("text/event-stream");
|
|
await res.body?.cancel();
|
|
});
|
|
|
|
test("should cleanup SSE listeners when client disconnects", async () => {
|
|
const { headers } = await createTestSession();
|
|
const initialCount = serverEvents.listenerCount("doctor:cancelled");
|
|
|
|
const res = await app.request("/api/v1/events", {
|
|
headers,
|
|
});
|
|
|
|
expect(res.status).toBe(200);
|
|
|
|
for (let i = 0; i < 20 && serverEvents.listenerCount("doctor:cancelled") < initialCount + 1; i++) {
|
|
await new Promise((resolve) => setTimeout(resolve, 10));
|
|
}
|
|
|
|
expect(serverEvents.listenerCount("doctor:cancelled")).toBe(initialCount + 1);
|
|
|
|
await res.body?.cancel();
|
|
|
|
for (let i = 0; i < 20 && serverEvents.listenerCount("doctor:cancelled") > initialCount; i++) {
|
|
await new Promise((resolve) => setTimeout(resolve, 10));
|
|
}
|
|
|
|
expect(serverEvents.listenerCount("doctor:cancelled")).toBe(initialCount);
|
|
});
|
|
|
|
describe("unauthenticated access", () => {
|
|
const endpoints: { method: string; path: string }[] = [{ method: "GET", path: "/api/v1/events" }];
|
|
|
|
for (const { method, path } of endpoints) {
|
|
test(`${method} ${path} should return 401`, async () => {
|
|
const res = await app.request(path, { method });
|
|
expect(res.status).toBe(401);
|
|
const body = await res.json();
|
|
expect(body.message).toBe("Invalid or expired session");
|
|
});
|
|
}
|
|
});
|
|
});
|